On 23/07/2012, at 3:05 PM, Todd Harpersberger <[email protected]> wrote:
> Running trafficserver 3.2.0 > > I’m trying to terminate multiple SSL cites on my traffic server but it always > gives out the same (first) certificate. > There’s nothing SSL from the default stated in the records.config, and the > traffic.out log indicates that all certs are loaded. > > My ssl_multicert.config looks like: > > dest_ip=10.30.180.9 ssl_cert_name=mydomain.com.pem > dest_ip=10.30.180.10 ssl_cert_name=dev.mydomain.com.pem > > 10.30.180.9 and 10.30.180.10 are bound via separate interfaces. > > If I create a DNS records MYRECORD.dev.mydomain.com = 10.30.180.10 I still > get the mydomain.com.pem cert. Is there any other config needed to parse > this file? Or any other suggestions? If the client asks for a specific hostname, then we will serve the matching certificate before looking for the IP-based certificate. There's also a bug here, because it looks like we will fall back to the default certificate in the absence of a hostname match. We ought to fall back to the IP-based certificate first. Can you explain how your certificates are supposed to be used, so I can figure out whether you are hitting the above bug? > > Thanks! > > -Todd > > > > > > > Privileged/Confidential Information may be contained in this message. If > you are not the addressee indicated in this message, you should destroy > this message. For more information on WPP's business ethical standards > and corporate responsibility policies, please refer to WPP's website. > > >
